Introductory Networking : TryHackMe

Hiteshverma
Feb 25, 2024

An introduction to networking theory and basic networking tools

https://tryhackme.com/room/introtonetworking

Task 1 Introduction

The topics that we’re going to cover in this room are:

  • The OSI Model
  • The TCP/IP Model
  • How these models look in practice
  • An introduction to basic networking tools

Task 2 The OSI Model: An Overview

The OSI (Open Systems Interconnection) Model is a standardised model which we use to demonstrate the theory behind computer networking.

The OSI model consists of seven layers:

I use the mnemonic AP STAND UP

Application layer:

Provides networking options to programs running on a computer.

Works with applications, providing them an interface to use in order to transmit data.

When data is given to the application layer, it is passed down into the presentation layer.

Presentation Layer:

  • Data in a non-standardized format at the application layer
  • Presentation layer translates data into a standardized format
  • Manages encryption, compression, and other transformations
  • Sends processed data to the session layer

Session Layer:

  • Session layer receives correctly formatted data from presentation layer
  • Checks if it can establish a connection with the remote computer
  • Sends error if connection cannot be established
  • Session layer maintains and synchronizes communication if connection is successful
  • Created session is unique to the communication
  • Enables simultaneous requests to different endpoints without data mix-up
  • Successful connection logged, data passed to Layer 4: the transport layer

Transport Layer:

  • Transport layer selects protocol (TCP or UDP) for data transmission
    - TCP is connection-based, ensuring reliability and re-sending lost data
    - UDP is connectionless, allowing for faster transmission with the risk of lost data
    - TCP favored for accuracy (e.g., file transfer), UDP for speed (e.g., video streaming)
    - Divides transmission into segments (TCP) or datagrams (UDP) for successful message transmission

Network Layer:

  • Network layer locates the destination of the request
  • Deals with logical addressing (IP addresses) for routing
  • Determines the best route within the network
  • Logical addresses organize and categorize networks

Data link Layer:

  • Data link layer focuses on physical addressing of the transmission
  • Adds MAC address of the receiving endpoint to the packet
  • Network Interface Card (NIC) in every network-enabled computer has a unique MAC address
  • MAC addresses are set by the manufacturer and cannot be changed
  • MAC address used to identify the destination of the information
  • Data link layer presents data in a suitable format for transmission
  • Checks received data for corruption, especially from the physical layer

Physical Layer:

  • Physical layer deals with the hardware of the computer
  • Handles electrical pulses for data transfer over a network
  • Converts binary data into signals for transmission
  • Receives incoming signals and converts them back into binary data

Which layer would choose to send data over TCP or UDP?

Ans: 4

Which layer checks received information to make sure that it hasn’t been corrupted?

Ans: 2

In which layer would data be formatted in preparation for transmission?

Ans: 2

Which layer transmits and receives data?

Ans: 1

Which layer encrypts, compresses, or otherwise transforms the initial data to give it a standardised format?

Ans: 6

Which layer tracks communications between the host and receiving computers?

Ans: 5

Which layer accepts communication requests from applications?

Ans: 7

Which layer handles logical addressing?

Ans: 3

When sending data over TCP, what would you call the “bite-sized” pieces of data?

Ans: segments

[Research] Which layer would the FTP protocol communicate with?

Ans: 7

Which transport layer protocol would be best suited to transmit a live video?

Ans: udp

Task 3 Encapsulation

  • Each layer adds layer-specific information to the transmission
  • Network layer adds source and destination IP addresses to the header
  • Transport layer adds protocol-specific information to the header
  • Data link layer adds a piece at the end for data integrity verification
  • The process is called encapsulation
  • Encapsulation ensures data can be sent from one computer to another securely and intact
  • Layers 7, 6, and 5 refer to the data simply as “data”
  • Transport layer names it a “segment” or “datagram” (TCP or UDP)
  • Network layer calls it a “packet”
  • Data link layer refers to it as a “frame”
  • When transmitted, the frame breaks down into bits
  • Receiving computer reverses the process in de-encapsulation
  • OSI model layers exist in every computer with network capabilities
  • Encapsulation and de-encapsulation provide a standardized method for data transmission
  • Standardization ensures consistent methodology for all transmissions, promoting universal understanding across devices
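The encapsulation steps above, worked through in Python as an added example (not part of the original room or write-up). The UDP header follows the real field layout; the network and data link headers are simplified to just the addresses the notes mention, and the endpoints are constructed sample values.

```python
import socket
import struct
import zlib

def transport_datagram(payload, src_port, dst_port):
    """Layer 4: UDP header (source port, destination port, length, checksum)."""
    # Checksum 0 means "not computed", which UDP over IPv4 permits.
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def network_packet(datagram, src_ip, dst_ip):
    """Layer 3: simplified header holding only the two IPv4 addresses."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + datagram

def datalink_frame(packet, dst_mac, src_mac):
    """Layer 2: MAC header in front, CRC-32 trailer behind."""
    body = dst_mac + src_mac + packet
    return body + struct.pack("!I", zlib.crc32(body))

def encapsulate(data, src, dst):
    """Sender side: data -> datagram -> packet -> frame."""
    datagram = transport_datagram(data, src["port"], dst["port"])
    packet = network_packet(datagram, src["ip"], dst["ip"])
    return datalink_frame(packet, dst["mac"], src["mac"])

def de_encapsulate(frame):
    """Receiver side: verify the trailer, then strip one header per layer."""
    body, (crc,) = frame[:-4], struct.unpack("!I", frame[-4:])
    # A CRC catches accidental corruption; it is not a cryptographic integrity check.
    if zlib.crc32(body) != crc:
        raise ValueError("frame corrupted: trailer check failed")
    packet = body[12:]                      # drop the two 6-byte MAC addresses
    src_ip = socket.inet_ntoa(packet[:4])
    dst_ip = socket.inet_ntoa(packet[4:8])
    datagram = packet[8:]
    src_port, dst_port, length, _ = struct.unpack("!HHHH", datagram[:8])
    return {"src": (src_ip, src_port), "dst": (dst_ip, dst_port),
            "data": datagram[8:length]}

# Constructed sample endpoints (documentation IP ranges, made-up MAC addresses).
SENDER = {"mac": bytes.fromhex("020000000001"), "ip": "192.0.2.10", "port": 40000}
RECEIVER = {"mac": bytes.fromhex("020000000002"), "ip": "198.51.100.7", "port": 53}

if __name__ == "__main__":
    frame = encapsulate(b"hello", SENDER, RECEIVER)
    print(len(frame), "bytes on the wire:", frame.hex())
    print(de_encapsulate(frame))
```
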

How would you refer to data at layer 2 of the encapsulation process (with the OSI model)?

Ans: Frames

How would you refer to data at layer 4 of the encapsulation process (with the OSI model), if the UDP protocol has been selected?

Ans: Datagrams

What process would a computer perform on a received message?

Ans: De-encapsulation

Which is the only layer of the OSI model to add a trailer during encapsulation?

Ans: Data Link

Does encapsulation provide an extra layer of security (Aye/Nay)?

Ans: Aye

Task 4 The TCP/IP Model

  • TCP/IP model is similar to the OSI model but a few years older
  • Consists of four layers: Application, Transport, Internet, and Network Interface
  • Application layer performs functions similar to OSI’s layers 7, 6, and 5
  • Transport layer corresponds to OSI’s Transport layer
  • Internet layer aligns with OSI’s Network layer
  • Network Interface layer resembles a combination of OSI’s Data Link and Physical layers
  • Both models cover a similar range of networking functions
  • Some recent sources split the TCP/IP model into five layers
  • Original four layers are Application, Transport, Internet, and Network Interface
  • Splitting Network Interface into Data Link and Physical layers is not officially defined
  • Both versions are generally considered valid in practice
  • OSI model is not commonly used in real-world networking
  • OSI model is helpful for learning the initial theory of networking
  • Encapsulation and de-encapsulation processes are the same in both models
  • Headers are added and removed at each layer of the TCP/IP model during encapsulation and de-encapsulation
  • TCP/IP is a suite of protocols defining rules for actions in networking
  • Named after Transmission Control Protocol (TCP) and Internet Protocol (IP)
  • TCP is connection-based, controlling data flow between two endpoints
  • TCP requires a three-way handshake for connection establishment
  • Three-way handshake involves sending a SYN bit to initiate, receiving SYN-ACK from the server, and confirming with an ACK bit
  • Completed three-way handshake ensures reliable data transmission
  • Lost or corrupted data is re-sent, contributing to the appearance of a lossless connection
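The three-way handshake above, replayed over a constructed capture as an added example (not from the original room or write-up). It goes one step beyond the notes by checking the sequence and acknowledgement numbers, and it lists the connections that never completed; the `Segment` type, state names and addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10          # bit values of the SYN and ACK flags in the TCP header
MASK = 0xFFFFFFFF              # sequence numbers wrap at 32 bits

@dataclass
class Segment:
    src: str
    dst: str
    flags: int
    seq: int
    ack: int = 0

def handshake_states(segments):
    """Replay segments in order; return {(client, server): state}."""
    conns = {}
    for s in segments:
        if s.flags == SYN:                                   # step 1: client -> server
            conns[(s.src, s.dst)] = {"state": "SYN_SEEN", "c_isn": s.seq}
        elif s.flags == SYN | ACK:                           # step 2: server -> client
            c = conns.get((s.dst, s.src))
            if c and c["state"] == "SYN_SEEN" and s.ack == (c["c_isn"] + 1) & MASK:
                c.update(state="SYNACK_SEEN", s_isn=s.seq)
        elif s.flags == ACK:                                 # step 3: client -> server
            c = conns.get((s.src, s.dst))
            if (c and c["state"] == "SYNACK_SEEN"
                    and s.seq == (c["c_isn"] + 1) & MASK
                    and s.ack == (c["s_isn"] + 1) & MASK):
                c["state"] = "ESTABLISHED"
    return {pair: c["state"] for pair, c in conns.items()}

def incomplete(segments):
    """Connections whose handshake did not reach ESTABLISHED."""
    return sorted(p for p, st in handshake_states(segments).items() if st != "ESTABLISHED")

# Constructed capture: one full handshake, one with no final ACK, one with a bad ACK.
SERVER = "198.51.100.7:443"
CAPTURE = [
    Segment("192.0.2.10:50001", SERVER, SYN, seq=1000),
    Segment(SERVER, "192.0.2.10:50001", SYN | ACK, seq=7000, ack=1001),
    Segment("192.0.2.10:50001", SERVER, ACK, seq=1001, ack=7001),
    Segment("192.0.2.11:50002", SERVER, SYN, seq=MASK),        # ISN at the wrap point
    Segment(SERVER, "192.0.2.11:50002", SYN | ACK, seq=9000, ack=0),
    Segment("192.0.2.12:50003", SERVER, SYN, seq=5),
    Segment(SERVER, "192.0.2.12:50003", SYN | ACK, seq=300, ack=6),
    Segment("192.0.2.12:50003", SERVER, ACK, seq=6, ack=999),  # acknowledges the wrong number
]
```
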

Which model was introduced first, OSI or TCP/IP?

Ans: TCP/IP

Which layer of the TCP/IP model covers the functionality of the Transport layer of the OSI model (Full Name)?

Ans: Transport

Which layer of the TCP/IP model covers the functionality of the Session layer of the OSI model (Full Name)?

Ans: Application

The Network Interface layer of the TCP/IP model covers the functionality of two layers in the OSI model. These layers are Data Link, and?.. (Full Name)?

Ans: Physical

Which layer of the TCP/IP model handles the functionality of the OSI network layer?

Ans: Internet

What kind of protocol is TCP?

Ans: Connection-based

What is SYN short for?

Ans: Synchronise

What is the second step of the three way handshake?

Ans: SYN/ACK

What is the short name for the “Acknowledgement” segment in the three-way handshake?

Ans: Ack

Task 5 Networking Tools Ping

ping <Target>

man ping (to get extra information)

What command would you use to ping the bbc.co.uk website?

Ans: ping bbc.co.uk

Ping muirlandoracle.co.uk
What is the IPv4 address?

Ans: 217.160.0.152

What switch lets you change the interval of sent ping requests?

Ans: -i

What switch would allow you to restrict requests to IPv4?

Ans: -4

What switch would give you a more verbose output?

Ans: -v

Task 6 Networking Tools Traceroute

traceroute <destination>

What switch would you use to specify an interface when using Traceroute?

Ans: -i

What switch would you use if you wanted to use TCP SYN requests when tracing the route?

Ans: -t

[Lateral Thinking] Which layer of the TCP/IP model will traceroute run on by default (Windows)?

Ans: internet

Task 7 Networking Tools WHOIS

whois <domain>

What is the registrant postal code for facebook.com?

Ans: 94025

When was the facebook.com domain first registered (Format: DD/MM/YYYY)?

Ans: 29/03/1997

Which city is the registrant based in?

Ans: Redmond

[OSINT] What is the name of the golf course that is near the registrant address for microsoft.com?

Ans: Bellevue Golf Course

What is the registered Tech Email for microsoft.com?

Ans: msnhst@microsoft.com

Task 8 Networking Tools Dig

  • Domain Name System (DNS) is a TCP/IP protocol that converts URLs into IP addresses
  • DNS allows requesting the IP address of a website from a special server
  • Computer first checks its local “Hosts File” and DNS cache for IP->Domain mapping
  • If not found, the computer sends a request to a recursive DNS server
  • Recursive DNS servers are known to the router on the network; ISPs and companies like Google and OpenDNS maintain them
  • Recursive server may have cached results for popular domains, otherwise, it forwards the request to a root name server
  • Root name servers redirect requests to Top-Level Domain (TLD) servers
  • TLD servers handle specific extensions (e.g., .com, .co.uk)
  • TLD servers redirect requests to Authoritative name servers
  • Authoritative name servers store DNS records for domains directly
  • When a request reaches the authoritative name server for a domain, it sends back relevant information
  • This process happens automatically when visiting a website but can be manually done with tools like dig
  • Dig allows manual querying of recursive DNS servers for domain information
  • Useful for network troubleshooting
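What a tool like dig sends and reads back at the wire level, as an added example (not from the original room or write-up): it builds an A-record query and parses the address and TTL out of a reply. The reply is constructed offline by `constructed_response`, a hypothetical helper, using `example.com` and a documentation IP address.

```python
import socket
import struct

def encode_name(name):
    """'example.com' -> length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid, qtype=1):
    """Header (id, flags with RD set, one question) + question (name, type A, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:               # two-byte pointer to an earlier name
            return off + 2
        off += 1 + n

def parse_a_records(msg):
    """Return [(ipv4, ttl_seconds)] for each A record in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4      # name, then type + class
    records = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            records.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return records

def constructed_response(query, ip, ttl):
    """Constructed reply: echo the question, add one A record pointing back at its name."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer

if __name__ == "__main__":
    query = build_query("example.com", 0x1234)
    reply = constructed_response(query, "192.0.2.10", 24 * 60 * 60)
    print(parse_a_records(reply))          # the TTL is carried in seconds
```
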

What is DNS short for?

Ans: domain name system

What is the first type of DNS server your computer would query when you search for a domain?

Ans: recursive

What type of DNS server contains records specific to domain extensions (i.e. .com, .co.uk, etc)? Use the long version of the name.

Ans: top-level domain

Where is the very first place your computer would look to find the IP address of a domain?

Ans: hosts file

[Research] Google runs two public DNS servers. One of them can be queried with the IP 8.8.8.8, what is the IP address of the other one?

Ans: 8.8.4.4

If a DNS query has a TTL of 24 hours, what number would the dig query show?

Ans: 86400
